To succeed, the attack requires use of an existing write-what-where kernel vulnerability; in this case the researchers used CVE-2015-1805, a flaw in the processing of vectored pipes by the Linux kernel.

Attackers can then exploit three privilege escalation vulnerabilities within the Knox platform's real-time kernel protection to avoid its security mechanisms, execute their own code, and gain complete control of the phone.

The real-time kernel protection feature is responsible for defending against kernel exploits.

The researchers found it can be subverted to gain root privileges, and then disable additional kernel protections and load a custom, unsigned kernel module so the /system partition is remounted as writable.

"Malicious access to the system account can be used, for instance, to replace legitimate applications with rogue versions, with access to all available permissions, without the user’s notice," the researchers wrote.

It's the second time in a year that researchers have uncovered weaknesses in the security platform. In May, Israeli researchers Uri Kanonov and Avishai Wool posted details of three Knox and Android vulnerabilities, which, among other things, revealed security risks in sharing Knox services with user applications.
